From 9748e04aa808089c88b240d8037654ee482197f9 Mon Sep 17 00:00:00 2001 From: Md Anam Raihan Date: Tue, 11 Jun 2024 17:14:01 +0530 Subject: [PATCH] feat: removed `kms_region` from the bucket DA inputs as its now programmatically determined.
* The `existing_kms_instance_guid` input variable has been replaced by the `existing_kms_instance_crn` in the both bucket DA solutiona. The CRN should now be passed to it instead of the GUID. (#642)
---
 .../catalogValidationValues.json.template | 2 +-
 solutions/secure-cross-regional-bucket/main.tf | 11 +++++++----
 solutions/secure-cross-regional-bucket/provider.tf | 2 +-
 solutions/secure-cross-regional-bucket/variables.tf | 10 ++--------
 .../catalogValidationValues.json.template | 2 +-
 solutions/secure-regional-bucket/main.tf | 11 +++++++----
 solutions/secure-regional-bucket/provider.tf | 2 +-
 solutions/secure-regional-bucket/variables.tf | 10 ++--------
 tests/pr_test.go | 4 ++--
 9 files changed, 24 insertions(+), 30 deletions(-)
diff --git a/solutions/secure-cross-regional-bucket/catalogValidationValues.json.template b/solutions/secure-cross-regional-bucket/catalogValidationValues.json.template
index 88cd2424..ffea5cce 100644
--- a/solutions/secure-cross-regional-bucket/catalogValidationValues.json.template
+++ b/solutions/secure-cross-regional-bucket/catalogValidationValues.json.template
@@ -1,6 +1,6 @@
 {
 "ibmcloud_api_key": $VALIDATION_APIKEY,
 "bucket_name": $PREFIX,
- "existing_kms_guid": $HPCS_US_SOUTH_GUID,
+ "existing_kms_instance_crn": $HPCS_US_SOUTH_CRN,
 "cross_region_location": "us"
 }
diff --git a/solutions/secure-cross-regional-bucket/main.tf b/solutions/secure-cross-regional-bucket/main.tf
index a131459b..7ff18d9b 100644
--- a/solutions/secure-cross-regional-bucket/main.tf
+++ b/solutions/secure-cross-regional-bucket/main.tf
@@ -4,14 +4,17 @@ locals {
 # tflint-ignore: terraform_unused_declarations
- validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_guid == null ? tobool("A value must be passed for 'existing_kms_guid' if not supplying any value for 'existing_kms_key_crn'.") : true
+ validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_instance_crn == null ? tobool("A value must be passed for 'existing_kms_instance_crn' if not supplying any value for 'existing_kms_key_crn'.") : true
+
+ existing_kms_instance_guid = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 3) : null
+ existing_kms_instance_region = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 5) : null
 bucket_config = [{
 access_tags = var.bucket_access_tags
 bucket_name = var.bucket_name
 kms_encryption_enabled = true
 add_bucket_name_suffix = var.add_bucket_name_suffix
- kms_guid = var.existing_kms_guid
+ kms_guid = local.existing_kms_instance_guid
 kms_key_crn = var.existing_kms_key_crn != null ? var.existing_kms_key_crn : module.kms[0].keys[format("%s.%s", var.key_ring_name, var.key_name)].crn
 skip_iam_authorization_policy = var.skip_iam_authorization_policy
 management_endpoint_type = var.management_endpoint_type_for_bucket
@@ -62,8 +65,8 @@ module "kms" {
 source = "terraform-ibm-modules/kms-all-inclusive/ibm"
 version = "4.13.2"
 create_key_protect_instance = false
- region = var.kms_region
- existing_kms_instance_guid = var.existing_kms_guid
+ region = local.existing_kms_instance_region
+ existing_kms_instance_guid = local.existing_kms_instance_guid
 key_ring_endpoint_type = var.kms_endpoint_type
 key_endpoint_type = var.kms_endpoint_type
 keys = [
diff --git a/solutions/secure-cross-regional-bucket/provider.tf b/solutions/secure-cross-regional-bucket/provider.tf
index 2e3dc284..ca873524 100644
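Review bot: The two new locals select the instance GUID and region by counting back from the end of the colon-split CRN (`length(...) - 3` and `- 5`), which only lands on the intended segments when the value ends in two empty segments (`::`); a root-key CRN or any CRN with populated trailing segments passed here by mistake yields some other segment rather than a plan error, and that value is what `bucket_config` then hands on as `kms_guid` (presumably scoping the COS-to-KMS authorization policy next to `skip_iam_authorization_policy`) and what pins the `kms` provider alias. Indexing from the front is stable for the fixed CRN layout `crn:v1:<cname>:<ctype>:<service>:<region>:<scope>:<instance>:<resource-type>:<resource>`: `existing_kms_instance_guid   = var.existing_kms_instance_crn != null ? split(":", var.existing_kms_instance_crn)[7] : null` and `existing_kms_instance_region = var.existing_kms_instance_crn != null ? split(":", var.existing_kms_instance_crn)[5] : null`, with a one-line comment above them naming that layout. The `locals` block and the `bucket_config` list both continue past this hunk. The same two lines are added in solutions/secure-regional-bucket/main.tf and need the same treatment.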
--- a/solutions/secure-cross-regional-bucket/provider.tf
+++ b/solutions/secure-cross-regional-bucket/provider.tf
@@ -6,5 +6,5 @@ provider "ibm" {
 provider "ibm" {
 alias = "kms"
 ibmcloud_api_key = var.ibmcloud_api_key
- region = var.kms_region
+ region = local.existing_kms_instance_region
 }
diff --git a/solutions/secure-cross-regional-bucket/variables.tf b/solutions/secure-cross-regional-bucket/variables.tf
index 468b8077..52119e9e 100644
--- a/solutions/secure-cross-regional-bucket/variables.tf
+++ b/solutions/secure-cross-regional-bucket/variables.tf
@@ -8,16 +8,10 @@ variable "ibmcloud_api_key" {
 # KMS variables
 ########################################################################################################################
-variable "kms_region" {
- type = string
- default = "us-south"
- description = "The region in which KMS instance exists."
-}
-
-variable "existing_kms_guid" {
+variable "existing_kms_instance_crn" {
 type = string
 default = null
- description = "The GUID of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
+ description = "The CRN of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
 }
 variable "skip_iam_authorization_policy" {
diff --git a/solutions/secure-regional-bucket/catalogValidationValues.json.template b/solutions/secure-regional-bucket/catalogValidationValues.json.template
index a113d1c9..35a6241f 100644
--- a/solutions/secure-regional-bucket/catalogValidationValues.json.template
+++ b/solutions/secure-regional-bucket/catalogValidationValues.json.template
@@ -2,5 +2,5 @@
 "ibmcloud_api_key": $VALIDATION_APIKEY,
 "bucket_name": $PREFIX,
 "region": "us-south",
- "existing_kms_guid": $HPCS_US_SOUTH_GUID
+ "existing_kms_instance_crn": $HPCS_US_SOUTH_CRN
 }
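Review bot: With `region = local.existing_kms_instance_region` the `kms` provider alias is left with a null region whenever `existing_kms_instance_crn` is omitted, which `validate_inputs` in main.tf permits as long as `existing_kms_key_crn` is set; the removed `var.kms_region` always fell back to `us-south`. A null provider argument is treated as unset, so the alias then takes whatever the provider's own default or environment supplies, which need not be the region of the key actually in use, and that matters for any resource that consumes this alias (not visible in this hunk). Since a root-key CRN carries the same region segment, deriving the region from `existing_kms_key_crn` when the instance CRN is absent would close that gap; failing that, the fallback behaviour should be stated in the variable description. The same line is changed in solutions/secure-regional-bucket/provider.tf.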
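Review bot: The description carried over to `existing_kms_instance_crn` still says "Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true", which contradicts the `validate_inputs` check in main.tf that rejects a null value whenever `existing_kms_key_crn` is null, and it says nothing about the CRN layout that main.tf now parses positionally. A `validation` block would turn a malformed or wrong-kind CRN into a plan-time error instead of a silently mis-derived GUID and region; the rewritten variable body is below, and the same applies to solutions/secure-regional-bucket/variables.tf.
```hcl
variable "existing_kms_instance_crn" {
  type        = string
  default     = null
  description = "The CRN of the KMS instance that is used for the Object Storage bucket root key. Required if `existing_kms_key_crn` is not supplied; the KMS region and instance GUID are derived from it."
  validation {
    # A service-instance CRN has ten colon-separated segments; the segment arithmetic in main.tf depends on that layout.
    condition     = var.existing_kms_instance_crn == null || (can(regex("^crn:v1:", var.existing_kms_instance_crn)) && length(split(":", var.existing_kms_instance_crn)) == 10)
    error_message = "existing_kms_instance_crn must be a KMS service-instance CRN of the form crn:v1:<cname>:<ctype>:<service>:<region>:<scope>:<instance-guid>::."
  }
}
```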
diff --git a/solutions/secure-regional-bucket/main.tf b/solutions/secure-regional-bucket/main.tf
index c5e32af3..cb030ff1 100644
--- a/solutions/secure-regional-bucket/main.tf
+++ b/solutions/secure-regional-bucket/main.tf
@@ -4,14 +4,17 @@ locals {
 # tflint-ignore: terraform_unused_declarations
- validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_guid == null ? tobool("A value must be passed for 'existing_kms_guid' if not supplying any value for 'existing_kms_key_crn'.") : true
+ validate_inputs = var.existing_kms_key_crn == null && var.existing_kms_instance_crn == null ? tobool("A value must be passed for 'existing_kms_instance_crn' if not supplying any value for 'existing_kms_key_crn'.") : true
+
+ existing_kms_instance_guid = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 3) : null
+ existing_kms_instance_region = var.existing_kms_instance_crn != null ? element(split(":", var.existing_kms_instance_crn), length(split(":", var.existing_kms_instance_crn)) - 5) : null
 bucket_config = [{
 access_tags = var.bucket_access_tags
 bucket_name = var.bucket_name
 kms_encryption_enabled = true
 add_bucket_name_suffix = var.add_bucket_name_suffix
- kms_guid = var.existing_kms_guid
+ kms_guid = local.existing_kms_instance_guid
 kms_key_crn = var.existing_kms_key_crn != null ? var.existing_kms_key_crn : module.kms[0].keys[format("%s.%s", var.key_ring_name, var.key_name)].crn
 skip_iam_authorization_policy = var.skip_iam_authorization_policy
 management_endpoint_type = var.management_endpoint_type_for_bucket
@@ -67,8 +70,8 @@ module "kms" {
 source = "terraform-ibm-modules/kms-all-inclusive/ibm"
 version = "4.13.2"
 create_key_protect_instance = false
- region = var.kms_region
- existing_kms_instance_guid = var.existing_kms_guid
+ region = local.existing_kms_instance_region
+ existing_kms_instance_guid = local.existing_kms_instance_guid
 key_ring_endpoint_type = var.kms_endpoint_type
 key_endpoint_type = var.kms_endpoint_type
 keys = [
diff --git a/solutions/secure-regional-bucket/provider.tf b/solutions/secure-regional-bucket/provider.tf
index 2e3dc284..ca873524 100644
--- a/solutions/secure-regional-bucket/provider.tf
+++ b/solutions/secure-regional-bucket/provider.tf
@@ -6,5 +6,5 @@ provider "ibm" {
 provider "ibm" {
 alias = "kms"
 ibmcloud_api_key = var.ibmcloud_api_key
- region = var.kms_region
+ region = local.existing_kms_instance_region
 }
diff --git a/solutions/secure-regional-bucket/variables.tf b/solutions/secure-regional-bucket/variables.tf
index e2a50955..97b74fef 100644
--- a/solutions/secure-regional-bucket/variables.tf
+++ b/solutions/secure-regional-bucket/variables.tf
@@ -8,16 +8,10 @@ variable "ibmcloud_api_key" {
 # KMS variables
 ########################################################################################################################
-variable "kms_region" {
- type = string
- default = "us-south"
- description = "The region in which KMS instance exists."
-}
-
-variable "existing_kms_guid" {
+variable "existing_kms_instance_crn" {
 type = string
 default = null
- description = "The GUID of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
+ description = "The CRN of the KMS instance that is used for the Object Storage bucket root key. Required only if a KMS root key is specified and if `skip_iam_authorization_policy` is true."
 }
 variable "skip_iam_authorization_policy" {
diff --git a/tests/pr_test.go b/tests/pr_test.go
index d54cef23..f84463fb 100644
--- a/tests/pr_test.go
+++ b/tests/pr_test.go
@@ -288,7 +288,7 @@ func TestRunSolutions(t *testing.T) {
 TerraformVars: map[string]interface{}{
 "bucket_name": fmt.Sprintf("%s-regional-bucket", prefix),
 "region": region,
- "existing_kms_guid": permanentResources["hpcs_south"],
+ "existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
 "kms_endpoint_type": "public",
 "management_endpoint_type_for_bucket": "public",
 "existing_cos_instance_id": instanceOptions.LastTestTerraformOutputs["cos_instance_id"],
@@ -308,7 +308,7 @@ func TestRunSolutions(t *testing.T) {
 "bucket_name": fmt.Sprintf("%s-cross-region-bucket", prefix),
 "cross_region_location": "us",
 "existing_kms_key_crn": permanentResources["hpcs_south_root_key_crn"],
- "existing_kms_guid": permanentResources["hpcs_south"],
+ "existing_kms_instance_crn": permanentResources["hpcs_south_crn"],
 "management_endpoint_type_for_bucket": "public",
 "existing_cos_instance_id": instanceOptions.LastTestTerraformOutputs["cos_instance_id"],
 },